Get Results From a File Search and Export

Endpoint URL: https://<your server>/rest/sensors/action/fileSearch/csv/:batchID
Endpoint URI: sensors/action/fileSearch/csv/:batchID

Action: GET

Returns the results for a specified file search batch and exports them as a CSV list.

This request is supported in versions 19.0 and higher.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header to the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

None


Request Parameters

URL/URI parameters: You must provide the batch ID for the search as part of the URL.

Request Body Parameters: None


Response Status Code

This request can return the following status codes:

  • 200: Success OK

  • 404: Content not found. The batch ID you entered in the URL is not correct or up to date.


Response Success Schema

The response contains a CSV file with the following fields:

| Field | Type | Description |
|---|---|---|
| File Name | String | The file name for the file search operation. |
| Machine Name | String | The machine or machine names specified in the file search operation. |
| File Path | String | The complete path to the file in the search. |
| File Size | Integer | The number of bytes for the file. |
| Created At | Integer | The time (in epoch) when the file was created. |
| Last Modified | Integer | The time (in epoch) when the file was last modified. |
| Matched YARA rules | String | Names of YARA rules that had a match on this file. |


Response Failure Schema

A 404 error code with a message indicating Content not found is reported.


Important Response Fields

The CSV list contains only relevant information, so every field in the list is important for understanding your results.


Example: View previous search results and export

Request

curl --request GET \
            --url https://12.34.56.78/rest/sensors/action/fileSearch/csv/-1312043715 \
            --header 'Content-Type:application/json'

Response

File Name,Machine Name,File Path,File Size,Created At,Last Modified,Matched YARA Rules
file.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,11021,"Sunday, October 28, 2018 7:59:50 AM UTC","Sunday, October 28, 2018 7:59:55 AM UTC",interesting_strings_1;other_rule
malicious.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,211603202,"Monday, October 29, 2018 2:46:26 PM UTC","Wednesday, October 31, 2018 11:22:52 AM UTC",interesting_strings_1;other_rule
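
Added example (not part of the original documentation or the vendor's code): one way to parse the exported CSV into typed rows and group files by matched YARA rule. The function names are hypothetical. It assumes rule names are separated by ';' as in the example response, and it accepts both the epoch integers described in the schema and the formatted UTC dates shown in the example response, treating epoch values above 10^11 as milliseconds.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: the example response shown on this page.
SAMPLE_CSV = r'''File Name,Machine Name,File Path,File Size,Created At,Last Modified,Matched YARA Rules
file.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,11021,"Sunday, October 28, 2018 7:59:50 AM UTC","Sunday, October 28, 2018 7:59:55 AM UTC",interesting_strings_1;other_rule
malicious.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,211603202,"Monday, October 29, 2018 2:46:26 PM UTC","Wednesday, October 31, 2018 11:22:52 AM UTC",interesting_strings_1;other_rule
'''

DATE_FORMAT = "%A, %B %d, %Y %I:%M:%S %p UTC"

def parse_time(value):
    """Accept an epoch integer (schema) or a formatted UTC date (example response)."""
    value = value.strip()
    if value.isdigit():
        epoch = int(value)
        # Assumption: values above 1e11 are milliseconds, otherwise seconds.
        if epoch > 10**11:
            epoch /= 1000
        return datetime.fromtimestamp(epoch, tz=timezone.utc)
    return datetime.strptime(value, DATE_FORMAT).replace(tzinfo=timezone.utc)

def parse_file_search_csv(text):
    """Return one dict per CSV row with typed fields."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        # Header capitalization differs between the schema table and the
        # example response, so keys are matched case-insensitively.
        row = {k.strip().lower(): v for k, v in raw.items() if k}
        rows.append({
            "file_name": row["file name"],
            "machine": row["machine name"],
            "path": row["file path"],
            "size": int(row["file size"]),
            "created": parse_time(row["created at"]),
            "modified": parse_time(row["last modified"]),
            # Assumption from the example response: ';'-separated rule names.
            "yara_rules": [r for r in row["matched yara rules"].split(";") if r],
        })
    return rows

def files_by_rule(rows):
    """Group (machine, path, file name) tuples under each matched YARA rule."""
    grouped = defaultdict(list)
    for r in rows:
        for rule in r["yara_rules"]:
            grouped[rule].append((r["machine"], r["path"], r["file_name"]))
    return dict(grouped)
```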